We're still discussing whether we want to remove this or not, but
regardless of whether we end up removing it or not, it's something
we add ourselves and as such should not live in our headers that
override glibc headers, so let's move it to fd-util.h.
fd-util: Move RAW_O_LARGEFILE definition to fd-util.h
This is not something that comes from glibc, but which we invent
ourselves. As such, it should not be part of our overrides of glibc
headers, but instead should be part of one of our own headers, so
let's move it to fd-util.h.
logind: Don't match non-leader processes for utmp TTY determination (#38027)
This ensures we don't erroneously assign pseudoterminals created by
terminal emulators that use utempter to register themselves in utmp when
run under a GUI session that doesn't have a TTY assigned.
With these two changes the vscode parser works nicely again. Once the
EDG frontend adds support for this feature I'll fix it to check for the
fixed version like for GCC.
The EDG frontend is used by intellisense, which is the default
engine in VSCode, so parsing is currently broken and tons of
spurious errors are shown. Skip this feature when this
compiler frontend is used.
Yaping Li [Thu, 3 Jul 2025 00:06:04 +0000 (17:06 -0700)]
test-xattr-util.c: migrate to new assertion macros (#38025)
We recently added a new set of assertion macros such as ASSERT_GE,
ASSERT_OK, ASSERT_EQ, ... which show not only the expression that failed
but also the values of the arguments of the expression. Let's use them.
Yu Watanabe [Mon, 30 Jun 2025 08:17:22 +0000 (17:17 +0900)]
test-dns-search-domain: several cleanups
- use STRV_MAKE() macro,
- add several missing assertions,
- use more suitable ASSERT_XYZ() macros,
- drop TEST(dns_search_domain_unlink_all), as it is already tested in
TEST(dns_search_domain_new_system_limit).
logind: pick up tty info from utmp only for tty sessions
Let's tighten the rules for picking up TTY information from utmp: let's
do so only for TTY session, nothing else. Apparently people have issues
with graphical sessions with certain terminal emulators that install
entries in utmp for each emulator window.
logind: Don't match non-leader processes for utmp TTY determination
This ensures we don't erroneously assign pseudoterminals created by
terminal emulators that use utempter to register themselves in utmp when
run under a GUI session that doesn't have a TTY assigned.
The tests are written and consumed by developers. Errno descriptions are good
for users, but for developers the errno "name" is actually more useful, and
we need to always map the description back to the name to compare with the
code. Let's make things simpler for ourselves by printing the errno names
directly.
Example output:
src/test/test-tests.c:15: Assertion failed: Expected "-1" to succeed, but got error: -1/EPERM
src/test/test-tests.c:16: Assertion failed: Expected "-ENOANO" to succeed, but got error: -55/ENOANO
src/test/test-tests.c:20: Assertion failed: Expected "0" to be positive, but it is zero.
src/test/test-tests.c:62: Assertion failed: Expected "RET_NERRNO(mkdir("/i/will/fail/with/enoent", 666))" to fail with error -55/ENOANO, but got -2/ENOENT
src/test/test-tests.c:68: Assertion failed: Expected "0" to fail with errno 2/ENOENT, but it succeeded
src/test/test-tests.c:70: Assertion failed: Expected "mkdir("/i/will/fail/with/enoent", 666)" to fail with errno 55/ENOANO, but got 2/ENOENT
In https://github.com/systemd/systemd/pull/38003, one test failed:
Unit tests / build (CLANG_ASAN_UBSAN):
src/test/test-cgroup-util.c:237: Assertion failed: Expected "r" to succeed, but got error: No such device or address
Checks for specific errors were added in ca82f0cbe2db096bc7ff81280b5683ea1beae534,
partially relaxed in e92d699dde746355bba893b2375b7937a52d9e05.
cg_pidref_get_unit() and cg_pid_get_slice() enter a deep chain of calls,
so it's hard to guess where the failure occurred. But those two calls
expect the cgroup path to be "well formed". When we're running in CI,
we don't have full control over what is happening on the machine,
so let's suppress that error too.
The error message is not always meaningful. Also, sometimes we care about the
sign of the value, and we ignore the sign of the error in the printing machinery.
The messages for errno are changed to say "errno" instead of "error". The problem with
the previous formalation is that our errors are always negative and errnos are
positive, so when we print the numerical value, we cannot use the word for both.
Example output:
src/test/test-tests.c:15: Assertion failed: Expected "-1" to succeed, but got error: -1/Operation not permitted
src/test/test-tests.c:16: Assertion failed: Expected "-ENOANO" to succeed, but got error: -55/No anode
src/test/test-tests.c:61: Assertion failed: Expected "0" to fail with error -2/"No such file or directory", but it succeeded
src/test/test-tests.c:62: Assertion failed: Expected "RET_NERRNO(mkdir("/i/will/fail/with/enoent", 666))" to fail with error -55/"No anode", but got the following error: -2/No such file or directory
src/test/test-tests.c:68: Assertion failed: Expected "0" to fail with errno 2/"No such file or directory", but it succeeded
src/test/test-tests.c:70: Assertion failed: Expected "mkdir("/i/will/fail/with/enoent", 666)" to fail with errno 55/"No anode", but got the following errno: 2/No such file or directory
tests: cast to intmax_t instead of printing to a temp buffer
We can do this for int types, i.e. the variants where we expect a
success/error code. The macros which do generating comparison operations
also support floats so we shouldn't use intmax_t there.
The code is shorter and calling printf once is certainly more efficient.
Vitaly Kuznetsov [Mon, 30 Jun 2025 14:56:14 +0000 (16:56 +0200)]
man/systemd-sysext: list ephemeral/ephemeral-import in the list of options
ephemeral/ephemeral-import are described as possible '--mutable' options but
not present in the list. Note, "systemd-sysext --help" lists them correctly.
systemd-journald.service conflicts with soft-reboot.target,
so make sure anything surviving soft-reboot and trying
to log to journal doesn't fail the socket units.
The commit naively returned early from socket_enter_running(), which however
is quite problematic, as the socket will be woken up over and over again
without doing a thing, until we eventually hit Poll/TriggerLimit*=.
On top of that it requires hacks to hold the start job for initrd-switch-root.service
up. Overall I doubt that is the right approach.
Let's instead hook this into our job engine, and try to activate
the service again when some other units are stopped. If all installed
jobs have been run yet we're still seeing the conflict or the manually
selected timeout is reached, fail the socket as before.
The offending commit tries to block systemd-udevd.service
from being activated during switch-root, but it is a dirty hack
and causes problems with e.g. Ctrl-Alt-Delete handling which
actually need to start a conflicting target. Let's revert
this here, and the original issue will be resolved in a cleaner
fashion in later commits.
Nick Labich [Fri, 27 Jun 2025 15:39:46 +0000 (11:39 -0400)]
nspawn: Add --bind-user-shell= to control shells for --bind-user
Prior to this change, no user shell can be specified in the user
records passed into a container via --bind-user=. This new option
allows users to:
1. When false (the default), continue to specify no user shell for
each bound user record, resulting in the use of the container's
default shell for bound users.
2. When true, include each host user's shell in the corresponding
user record passed into a container (via --bind-user=).
3. When an absolute path, set that path as the user shell for each
user record passed into a container (via --bind-user=).
This does not change the existing behavior, but allows users to
opt-in to either copy the shells specified by the host user records
or override the shell explicitly by path.
Michael Ferrari [Fri, 27 Jun 2025 16:26:10 +0000 (18:26 +0200)]
repart: add support for `Format=empty`
This is a new meta value for the `Format=` option, which is equivalent
as specifying `Label=_empty` and `NoAuto=1` for compatibility with
sd-sysupdate.
Yu Watanabe [Tue, 24 Jun 2025 19:51:20 +0000 (04:51 +0900)]
tree-wide: include unistd.h where necessary
We use symbols provided by unistd.h without including it. E.g.
open(), close(), read(), write(), access(), symlink(), unlink(), rmdir(),
fsync(), syncfs(), lseek(), ftruncate(), fchown(), dup2(), pipe2(),
getuid(), getgid(), gettid(), getppid(), pipe2(), execv(), _exit(),
environ, STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO, F_OK, and their
friends and variants, so on.
Currently, unistd.h is indirectly included mainly in the following two paths:
- through missing_syscall.h, which is planned to covert to .c file.
- through signal.h -> bits/sigstksz.h, which is new since glibc-2.34.
Note, signal.h is included by sd-eevent.h. So, many source files
indirectly include unistd.h if newer glibc is used.
Currently, our baseline on glibc is 2.31. We need to support glibc older
than 2.34, but unfortunately, we do not have any CI environments with
such old glibc. CIFuzz uses glibc-2.31, but it builds only fuzzers, and
many files are even not compiled.
Yu Watanabe [Sat, 28 Jun 2025 01:25:05 +0000 (10:25 +0900)]
conf-files: fix an empty root handling in conf_files_list_strv()
Before 50c81130b69d04288f50217bede709bac6ca2b1a, the function used
chase(), hence if root is an empty string, each config directory made
prefixed with the current working directory if it is relative. See
implementation of chase().
With 50c81130b69d04288f50217bede709bac6ca2b1a, conf_files_list_strv()
internally uses chaseat(), hence each config directory is not prefixed
anymore even if it is relative.
To restore the previous behavior, this makes
- if root is an empty string, prefix each config directories with the
current working directory if relative.
- if root is relative, make it absolute to make the prefixed results also
absolute, and debugging logs show absolute paths.
- use chaseat_prefix_root() to prefix the results, for safety.
Yu Watanabe [Sat, 28 Jun 2025 11:55:11 +0000 (20:55 +0900)]
path-util: move empty_or_root_to_null() from chase.c
And rename it to empty_or_root_harder_to_null(), as it also checks if
the input path effectively points to the root by calling path_is_root().
This also adds simple test cases for the function.
The commit was merged without review, and has several issues.
Let's revert the change now, and address the issue pointed out by
the commit later in another way.
The commit was mistakenly merged without review. Also as pointed at
https://github.com/systemd/systemd/pull/37972#discussion_r2173234198
now the output is confusing. Let's revert at least now.
[1] says:
> Since 0.60.0 the name argument is optional and defaults to the basename of
> the first output
We specify >= 0.62 as the supported version, so drop the duplicate name in all cases
where it is the same as outputs[0], i.e. almost all cases.
meson: quote paths in generated systemd-runtest.env
Looking at aecb6eaed7d39d73f296c86a882c644b18b7e634, it seems that we
want build paths with spaces to be supported. Let's use 'printf %q' here
to make that work. Also, use capture:true to make the command less complicated.
Yu Watanabe [Fri, 27 Jun 2025 01:42:24 +0000 (10:42 +0900)]
tree-wide: use CONF_FILES_CHASE_BASENAME where root directory is specified
Otherwise, the result may point to outside of the root directory.
This also sets CONF_FILES_REGULAR and CONF_FILES_FILTER_MASKED, as the
callers will call fopen() or friends for the result, thus the enumerated
results must be non-empty regular files.
Previously, symlinks in the replacement was not chased, hence we may
inserted a path to outside of the root directory, or we may have wrong
judgement whether we should insert the replacement or not.
This makes the symlinks in the replacement also resolved.
Also, as the function is only used by tmpfiles and sysusers, this
enables CONF_FILES_REGULAR, CONF_FILES_CHASE_BASENAME, and
CONF_FILES_FILTER_MASKED_BY_SYMLINK flags.
Yu Watanabe [Fri, 27 Jun 2025 00:20:08 +0000 (09:20 +0900)]
conf-files: introduce CONF_FILES_CHASE_BASENAME flag
Previously, when a root directory is specified to conf_files_list() and
friends, the last component of each result was not resolved, even though
they internally chases the last component. So the caller needs to chase
the path again when the file is used.
This introduce a new flag that makes the whole path of each result is
resolved, hence caller can use it as is.
Yu Watanabe [Thu, 26 Jun 2025 00:42:16 +0000 (09:42 +0900)]
userdb: fix enumeration of .membership files
The man page nss-systemd(8) says
> The contents of these files are currently not read, and the files
> should be created empty.
But previously we filtered out such files, as the CONF_FILES_FILTER_MASKED
flag checks if a file is empty (or symlink to null), thus any empty files
were ignored.
To accept empty .membership files, let's use CONF_FILES_FILTER_MASKED_BY_SYMLINK.
Yaping Li [Fri, 27 Jun 2025 18:53:12 +0000 (11:53 -0700)]
test-xml: migrate to new assertion macros (#37990)
We recently added a new set of assertion macros such as ASSERT_GE,
ASSERT_OK, ASSERT_EQ, ... which show not only the expression that failed
but also the values of the arguments of the expression. Let's use them.
resolved: don't wait for TLS close_notify replies unnecessarily
This is based on #35764 by Guruswamy Basavaiah, but covers further code
paths.
This ensures that when we initiate a TLS shutdown we'll write out our
own close_notify message, but not wait for the close_notify reply from
the server side anymore.
resolved: when determining error to return, prefer "conclusive" over "inconclusive" errors
When asked to look something up, and all scopes we contact fail we need
to pick a suitable error code for the failure, and given that we look up
things on multiple scopes we might have multiple errors to choose from.
So far we simply picked the error from the last scope in the list, which
hence would be pretty arbitrary.
Let's tweak this a bit, and if we have multiple errors to choose from,
let's prefer "conclusive" failures over "inconclusive" ones. The
"inconclusive" ones in this sense are the ones where we didn't even issue
a request, but couldn't even do that because we had no server, no
network or things like that. The "conclusive" ones are the errors we got
from a server, that hence a "real" in a way.
This addresses the confusion described in #37969. For LLMNR lookups we
generally refuse looking up A addresses via IPv6 and AAAA via IPv4. This
generates a DNS_TRANSACTION_NO_SERVERS error, which we would then return
for one type of lookup but not for the other, because the IPv6 scope is
generally created after the IPv4 one, and hence so far won.
timer: Do not recalculate monotonic elapse time on clock change
The only clock change that affects monotonic timers is suspend causing
CLOCK_MONOTONIC to fall behind CLOCK_BOOTTIME. However, monotonic timers
that use CLOCK_BOOTTIME are not intended to have their elapse time
changed after a suspend. Hence condition the calculation of monotonic
timers’ elapse times on the cause not being a clock change.
projects / thirdparty / systemd.git / log
